Bugtraq mailing list archives
RE: Preventing exploitation with rebasing
From: Anonymous <xxxxxx () xxxxxxxx securityfocus com>
Date: Mon, 3 Feb 2003 17:21:54 -0500
-----Original Message----- From: David Litchfield [mailto:david () ngssoftware com] Sent: Tuesday, February 04, 2003 12:09 AM To: bugtraq () securityfocus com; ntbugtraq () listserv ntbugtraq com; vulnwatch () vulnwatch org Subject: Preventing exploitation with rebasing
So how easy is it to rebase DLLs and executables? Very. Microsoft have provided a function to do this, ReBaseImage(), exported by imagehlp.dll. If you rebase an image the new base must be on a 64K boundary - i.e. if the image base mod 64000 !=0 the base is not valid.
There is a tool called "ReBase" shipped with Visual C++ and Visual C++.NET. <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/perf util_2z39.asp> <quote> Rebase is a command-line tool that you can use to specify the base addresses for the DLLs that your application uses. </quote> <quote> Alternatively, you can use the ReBaseImage function. </quote>
Current thread:
- RE: Preventing exploitation with rebasing Anonymous (Feb 04)
- <Possible follow-ups>
- Preventing exploitation with rebasing David Litchfield (Feb 05)
- Re: Preventing exploitation with rebasing sd (Feb 04)
- Re: Preventing exploitation with rebasing David Litchfield (Feb 04)
- Re: Preventing exploitation with rebasing Eugene Tsyrklevich (Feb 04)
- Re: Preventing exploitation with rebasing Torbjörn Hovmark (Feb 04)
- Re: Preventing exploitation with rebasing dullien (Feb 05)
- Re: Preventing exploitation with rebasing David Litchfield (Feb 04)
- Re[2]: Preventing exploitation with rebasing dullien (Feb 04)
- RE: Preventing exploitation with rebasing Jason Coombs (Feb 04)
- Re: Preventing exploitation with rebasing sd (Feb 04)
- Re: Preventing exploitation with rebasing Charlie Root (Feb 05)